One of the reasons why the combination of Web2 security and Web3 applications is that when everything is a token, everything is a target.
What does this mean? Well, one of the reasons why Web3 is so attractive to so many people is because of tokenisation. Nothing on the blockchain is isolated. Instead, it can be transferred anywhere else onto the blockchain, and sometimes even onto other blockchains.
There are marketplaces for almost anything on the blockchain- NFTs, gaming items, books, and more.
Because everything is a token and can be sold, everything has a non-zero exchange value, meaning that it can be exchanged for some amount of cryptocurrency. As such, whereas hackers would have previously ignored gaming items due to the limited utility and difficulty in turning them into monetary gains, these items now can be sold easily.
Because everything is a token, everything has value, and therefore, everything is a target, no matter how esoteric or minimal its value may seem.
Boscolo points out that in this case, FriendTech was basically the perfect storm : “FriendTech accounts were tied to people’s public twitter accounts, and the value from hacking a creator was clear. The cherry on top was that these accounts were accessible by SMS 2FA. This basically created a honey pot for scammers to easily pull off a SIM Swap on anyone who became “valuable enough”.”.
The problem is that FriendTech isn’t alone- plenty of other Web3 applications also allow social logins. Each wallet or account that is only secured by Web2 security methods like SMS 2FA or social media credentials is essentially a bank account waiting to be robbed or hacked. Evidently, we need a better way to secure our Web3 accounts.